Patterns
- Active Warnings
- Attractive Options
- Complete Delete
- Conveying Threats & Consequences
- Create a Security Lexicon
- Create Keys When Needed
- Delayed Unrecoverable Action
- Detailed Notifications About Security
- Direct Access to UI Components
- Disable by Default
- Disable of Services
- Disclose Significant Deviations
- Distinguish Between Run and Open
- Distinguish Internal Senders
- Distinguish Security Levels
- Email-Based Identification and Authentication
- Explicit Item Delete
- Explicit User Audit
- Failing Safely
- General Notifications About Security
- Immediate Notifications
- Immediate Options
- Indirect Access to UI Components
- Informative Dialogues
- Install Before Execute
- Key Continuity Management
- Levels of Severity
- Leverage Existing Identification
- Localization of Specific Areas
- Migrate and Backup Keys
- Noticeable Contextual Indicators
- Providing Recommendations
- Quick Description of UI Components
- Redundant Notifications
- Reset to Installation
- Restricted Areas Notification
- Security Features Used by the System
- Security Features Used by the User
- Send S/MIME-Signed Email
- Separating Content
- Sequential Access to UI Components
- Suggestive Dialogues
- System’s Security Tasks
- The Absence of Indicators
- Track Received Keys
- Track Recipients
- Warn When Unsafe
Patterns are based on scientific sources.
Usable Security Pattern - The Absence of Indicators
Luigi Lo Iacono, Peter Nehren
December 21, 2015
The Absence of Indicators
| Name | The Absence of Indicators |
| Sources | (Egelman, 2009) |
| Synonyms | None |
| Context | An indicator should be used when a danger has been detected, or additional information is available which may lead the user to believe the a website is unsafe. |
| Problem | Some indicators indicate positive things, thus, users are supposed to be alerted when these indicators do not appear on a webpage. However, many users are unalarmed by the absence of these indicators or simply fail to take notice. |
| Solution | Users should not be expected to notice the absence of an indicator. Instead of using positive indicators when at a “good” website, use a negative indicator to indicate a “bad” website. |
| Examples | The SiteKey indicator as used by PNC bank. For this security indicator to be effective, the user is required to notice the absence of the tiger picture on a spoofed PNC website. Source: (Egelman, 2009) |
| Implementation | When using warning message to distinguish between good and bad websites, do not use indicators to denote good websites. Either use warning message when encountering bad websites, since there will be less of an incentive to spoof these, or use pervasive contextual indicators. Both types of indicators should be inserted by the web browser so that website designers will have a harder time spoofing the indicators. |
| Consequences | Building on Noticeable Contextual Indicators, absent indicators are rarely noticed because there is nothing to examine at the user’s focus of attention. When positive indicators are used for trust, attackers can also mimic them and confuse the user. Most users do not know the difference between chrome and content, therefore there is an incentive for the attacker to spoof positive indicators. When negative indicators are used, there are fewer incentives for the attacker to spoof them. |
| Dependencies | None |
| Relationships | [Noticeable Contextual Indicators] |
| Principles | [Consistent Controls and Placement] |
| Guidelines | None |
| Check lists | None |
| Use cases | None |
| Tags | The Absence of Indicators, Noticable Contextual Indicators, Fail Safety, Expectation Conformity |
| Log history | [12/21/2015]: Added to repository |
References
Egelman, S., 2009. Trust me: Design patterns for constructing trustworthy trust indicators. ProQuest.